Stephen Farrell wrote:
Ned Freed wrote:
This basically seems OK to me. I do question whether the threat analysis
document (which I guess we're calling the threat summary now) is the
right
place for this, however. And even if it ends up being the right
place, do we
really want to mandate the eventual location in the charter?
I had a similar thought, but there's also the timing issue, the folks
who wanted this done also wanted it early in the process. Otherwise,
I agree that that kind of text seems more at hime in the overview
deliverable, and it is a bit of a detail in the charter, but its
easier this way overall I think.
I question whether the threat summary/analysis document is the place
that this issue will get the proper attention by those contemplating and
implementing DKIM. I think the other places that have been suggested
(Security Considerations for one of the specifications, or some sort of
Implementers' Guide BCP) provide more visibility for this, as I think
it's an important point to make. Having issues be visible in the right
places is more important than whether we do it early in the process, IMO.
-Jim
_______________________________________________
ietf-dkim mailing list
http://dkim.org